By analyzing the domains and email addresses used by Magecart Group 5, researchers were able to identify several domains connected to the Dridex campaigns.
In particular, one specific email address was found to have been used to register domains for various Dridex phishing campaigns.

Researchers from Malwarebytes analyzed the domains and activities of Magecart Group 5 and identified connections to the Carbanak group and to Dridex phishing campaigns. Magecart Group 5 targets the supply chain that e-commerce sites rely on to load various libraries, analytics, or security seals.

The group’s attacks are primarily aimed at compromising a third-party supplier in order to impact hundreds of thousands of websites.
The group’s attack vector is a highly obfuscated skimmer script that exfiltrates payment card data such as credit card number, expiry date, and CVV from customers who purchase from one of the compromised stores.